email-finder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and scrapes public, user-generated third-party content—e.g., website pages like /contact, /about, /team via fetch(), WHOIS records, and social media profiles (LinkedIn, GitHub, Twitter/X)—and the agent is expected to read and parse that content to extract emails and names as part of its workflow, exposing it to potential indirect prompt injection.